Various authentication methods are employed to authenticate users accessing financial accounts from user terminals. For example, when accessing an account from an automated teller machine (ATM), users are typically required to provide a physical card and a personal identification number (PIN). On most modern ATMs, the customer is identified after inserting a plastic ATM card with a magnetic stripe or a plastic smart card with a chip, that contains a unique card number and some security information such as an expiration date and CVV code. Authentication is typically provided by the customer entering a PIN, but other authentication techniques may be implemented. Using an ATM, customers can access their bank accounts in order to make deposits of cash or checks, make cash withdrawals, obtain credit card cash advances, and check their account balances as well as other functions.
One issue with ATMs and other such secret password authentication based systems is that they are vulnerable to fraud. For example, while in previous decades, ATMs retained an inserted bank card through the duration of a transaction, currently existing ATMs merely require customers to swipe or dip the card to be read. At the end of a transaction, the customer is typically prompted for further action during an authentication session. Since the customer has already reclaimed his ATM card and has completed the transaction, the customer might vacate the ATM prior to termination of authentication, thus leaving the authenticated session open for potential fraudulent use.
Additionally, malicious users may obtain bank account information by attaching scanning devices to an ATM to read a transaction card and record the embedded account information, and also obtain the user's PIN number by watching or recording video of the user entering the PIN on the ATM keypad. Once the malicious user has the account information and PIN, he has access to the user's account. Other systems in which a user enters a password, PIN, log-in or other private information are similarly susceptible to fraud. For example, a malicious user can obtain a user's secure website log-in and password by watching the user input the private information.
ATMs are frequently equipped with cameras for security reasons that also may be capable of capturing video and snapshots of the customer facing the camera. Recently, various financial institutions have started to use still imaging or video imaging in their ATMs to authenticate customer access. Instead of, or as an alternative to, using a bank card or personal identification number, such ATMs capture an image of the customer's face and compare it to the account holder's photo in the financial institution's database to confirm the customer's identity.
Although customer authentication by facial recognition offers various advantages, it too can be vulnerable to fraud when employed as a stand-alone authentication technique. For example, one way to trick or “spoof” a facial recognition system is to present a two dimensional representation (e.g., picture, photograph, etc.) of a person in front of the camera, where the two-dimensional image shows a front view of that person. The two dimensional image can cause the system to identify an authorized user based on the features in the picture or photograph. Therefore, a malicious user may be able to gain access to an ATM account or other secured system simply by procuring a picture or other artificial representation of an authorized user.
Accordingly, there is a need for solutions for identifying and authenticating users of ATMs and other electronic devices such as described above. Such solutions desirably should be extremely difficult to circumvent, and should provide an improved user experience. Both users and financial institutions would benefit from a decrease in fraudulent transactions.